Lucene search
Rodel PlasabasWPVDB-ID:E383FAE6-E0DA-4ABA-BB62-ADF51C01BF8DHistorySep 27, 2021 - 12:00 a.m.
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-09-2700:00:00
Rodel Plasabas
wpscan.com
10
0.001 Low
EPSS
Percentile
24.9%
The plugin does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
PoC
With the Form Builder "Dev Modeβ setting enabled, create a form and a field, then under the Display option of the field, add the following payload in the Custom Class Names Container field "> Save the field and form then view/preview the page with the form embed to trigger the XSS https://www.youtube.com/watch?v=Ax8QK5gEBUk
| CPE | Name | Operator | Version |
|---|---|---|---|
| ninja-forms | lt | 3.5.8.2 |
Related
cnvd
cnvd
WordPress Ninja Forms Contact Form plugin cross-site scripting vulnerability
2021-10-28 00:00:00
nvd
nvd
CVE-2021-24381
2021-10-25 14:15:09
prion
prion
Cross site scripting
2021-10-25 14:15:00
cve
cve
CVE-2021-24381
2021-10-25 14:15:09
wpexploit
wpexploit
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-09-27 00:00:00
openvas
openvas
WordPress Ninja Forms Plugin < 3.5.8.2 XSS Vulnerability
2021-11-03 00:00:00
cvelist
cvelist
CVE-2021-24381 NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-10-25 13:20:32